US10084599B2 - Decryption device, method, and circuit - Google Patents

Decryption device, method, and circuit Download PDF

Info

Publication number
US10084599B2
US10084599B2 US15/088,149 US201615088149A US10084599B2 US 10084599 B2 US10084599 B2 US 10084599B2 US 201615088149 A US201615088149 A US 201615088149A US 10084599 B2 US10084599 B2 US 10084599B2
Authority
US
United States
Prior art keywords
false
multiplication operation
decryption
square
output
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US15/088,149
Other versions
US20170099142A1 (en
Inventor
Tzung-Juei WU
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Realtek Semiconductor Corp
Original Assignee
Realtek Semiconductor Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Realtek Semiconductor Corp filed Critical Realtek Semiconductor Corp
Assigned to REALTEK SEMICONDUCTOR CORPORATION reassignment REALTEK SEMICONDUCTOR CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: WU, TZUNG-JUEI
Publication of US20170099142A1 publication Critical patent/US20170099142A1/en
Application granted granted Critical
Publication of US10084599B2 publication Critical patent/US10084599B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/24Key scheduling, i.e. generating round keys or sub-keys for block encryption

Definitions

  • the present disclosure relates to a device, a method and a circuit. More particularly, the present disclosure relates to a decryption device, a decryption method, and a circuit.
  • An RSA encryption algorithm is an asymmetric encryption algorithm.
  • An encryption device can use an RSA public key to encrypt a message. After the encrypted message is received by the decryption device, the decryption device can use an RSA private key to decrypt the encrypted message.
  • an attacker may measure a relevant signal (e.g., a voltage or power) of the decryption device to determine the operation performed by the decryption device, so as to acquire the RSA private key used in the decryption device.
  • a relevant signal e.g., a voltage or power
  • the decryption method includes receiving encrypted data, in which the encrypted data is encrypted by an RSA public key, and performing at least one multiplication operation and at least one square operation according to an RSA private key and the encrypted data to acquire decrypted data.
  • a first false square operation is performed in performing one of the at least one multiplication operation, or a first false multiplication operation is performed in performing one of the at least one square operation.
  • the decryption device includes a communication module and a decryption component.
  • the decryption component is configured for receiving, through the communication module, encrypted data, in which the encrypted data is encrypted by an RSA public key, and performing at least one multiplication operation and at least one square operation according to an RSA private key and the encrypted data to acquire decrypted data.
  • a first false square operation is performed in performing one of the at least one multiplication operation, or a first false multiplication operation is performed in performing one of the at least one square operation.
  • the decryption circuit includes a squarer, a multiplier, a multiplexer, and a register.
  • the squarer receives an input value, and perform a square operation to the input value to generate an output of the squarer.
  • the multiplier receives the input value and encrypted data, and performs a multiplication operation with the input value and the encrypted data to generate an output of the multiplier.
  • the multiplexer receives the output of the squarer and the output of multiplier, and outputs one of the output of the squarer and the output of multiplier as a multiplexer output according to an RSA private key.
  • the register temporarily stores the multiplexer output, and provides the multiplexer output to the squarer and the multiplier to serve as a new input value. The square operation and the multiplication operation are performed simultaneously.
  • FIG. 1 is a schematic block diagram of a decryption system according to one embodiment of the present disclosure.
  • FIG. 2 is a flowchart of a decryption method according to one embodiment of the present disclosure.
  • FIG. 3 illustrates an operative example of a decryption method according to one embodiment of the present disclosure.
  • FIG. 4 illustrates an operative example of a decryption method according to one embodiment of the present disclosure.
  • FIG. 5 illustrates an operative example of a decryption method according to one embodiment of the present disclosure.
  • FIG. 6 is a schematic block diagram of a decryption circuit according to one embodiment of the present disclosure.
  • FIG. 7 is a schematic block diagram of a decryption circuit according to one embodiment of the present disclosure.
  • FIG. 1 is a schematic block diagram of a decryption system 10 according to one embodiment of the present disclosure.
  • the decryption system 10 includes a decryption device 100 and an encryption device 20 .
  • the encryption device 20 is configured to use an RSA public key to encrypt a message so as to generate encrypted data N.
  • the decryption device 100 is configured to receive the encrypted data N and decrypt the encrypted data N.
  • the decryption device 100 includes a decryption component 110 and a communication module 120 electrically connected to each other.
  • the communication module 120 is configured to receive the encrypted data N from the encryption device 20 and to transmit the encrypted data N to the decryption component 110 .
  • the decryption component 110 is configured to decrypt the encrypted data N.
  • the decryption component 110 can be realized by a central processor, a microprocessor, or another suitable calculating device performing specific commands or specific computer programs, or can be realized by a circuit.
  • the communication module 120 can be realized by a wired or wireless communication component.
  • a decryption method 200 can be applied to a device having a structure that is the same as or similar to the decryption device 100 shown in FIG. 1 .
  • the embodiment shown in FIG. 1 is used as an example to describe the decryption method 200 according to an embodiment of the present disclosure.
  • Step S1 The decryption component 110 receives encrypted data N from the encryption device 20 through the communication module 120 .
  • the encrypted data N is encrypted by an RSA public key.
  • Step S2 The decryption component 110 decrypts the encrypted data N.
  • the decryption component 110 performs at least one multiplication operation and at least one square operation according to an RSA private key and the encrypted data N to decrypt the encrypted data N and acquire decrypted data, in which the RSA private key corresponds to the RSA public key.
  • a value of the RSA private key is 123, and a binary form of the RSA private key is 2′1111011.
  • a multiplication operation and/or a square operation are/is performed corresponding to each of the bits sequentially.
  • the decryption component 110 performs a square operation SQ.
  • the decryption component 110 sequentially performs a multiplication operation MT and a square operation SQ.
  • the decryption component 110 performs a multiplication operation MT.
  • the number of times that the multiplication operations are performed corresponds to the number of “1's” in the binary form of the RSA private key. For example, in Table 1, other than the first bit from the left, there are five “1's” in the binary form of the RSA private key, and therefore, the multiplication operations are performed five times in the decryption operation.
  • the decryption component 110 when a multiplication operation is performed, the decryption component 110 performs a first false square operation according to the encrypted data N at the same time. Also, when a square operation is performed, the decryption component 110 performs a first false multiplication operation according to the encrypted data N at the same time. The calculation result of the first false square operation or the calculation result of the first false multiplication operation is not used in generating the decrypted data.
  • the first false square operation or the first false multiplication operation is performed concurrent with the multiplication operation or the square operation respectively, it is difficult for an attacker to acquire the operations in the decryption operation performed by the decryption device 100 and the corresponding RSA private key through measuring a relevant signal (e.g., power, current, voltage, temperature, frequency) of the decryption device 100 .
  • a relevant signal e.g., power, current, voltage, temperature, frequency
  • the number of times the first false multiplication operation is performed is equal to or less than the number of times the square operation is performed. Similarly, the number of times the first false square operation is performed is equal to or less than the number of times the multiplication operation is performed.
  • the value of the RSA private key is 123, and a binary form of the RSA private key is 2′1111011.
  • a corresponding waveform of a relevant signal of the decryption device 100 has a characteristic value (e.g., amplitude) a 1
  • a corresponding waveform of the relevant signal of the decryption device 100 has a characteristic value a 2 .
  • the decryption component 110 when the decryption component 110 sequentially performs the operations in the operation sequence 2 , the decryption component 110 also sequentially performs the first false multiplication operations MT′ and first false square operations SQ′ in the sequence 4 , so that each of the square operations SQ and each of the first false multiplication operations MT′ are performed concurrently, and each of the multiplication operations MT and each of the first false square operations SQ′ are performed concurrently.
  • a corresponding waveform of a relevant signal of the decryption device 100 has the characteristic value a 1
  • a corresponding waveform of the relevant signal of the decryption device 100 has the characteristic value a 2 .
  • the decryption component 110 before or after the at least one multiplication operation or the at least one square operation is performed, performs at least one second false square operation or at least one second false multiplication operation.
  • the second false square operation and the second false multiplication operation are null operations, which are configured to be inserted before, between, or after the original operation sequence (e.g., the operation sequence 2 in FIG. 3 ), to confuse any attacker who might measure a relevant signal of the decryption device 100 .
  • the square operation or the second false square operation is performed between two of the second false multiplication operations, two of the multiplication operations, or one of the second false multiplication operations and one of the multiplication operations. In such a manner, presentation of an abnormal sequence after the second false multiplication operations and the second false square operations are inserted can be avoided, so as to prevent an attacker from acquiring additional information.
  • the value of the RSA private key is 123
  • a binary form of the RSA private key is 2′1111011.
  • the decryption component 110 sequentially performs the square operation SQ, the multiplication operation MT, the second square operation SQ′′, and the second multiplication operation MT′′.
  • the calculation result of the second false square operation SQ′′ or the calculation result of the second false multiplication operation MT′′ is not used in generating the decrypted data. In such a manner, in the decryption operation, even if an attacker measures a relevant signal to acquire the operations in the operation sequence 8 performed by the decryption device 100 , it is difficult for the attacker to identify the RSA private key.
  • the decryption component 110 can perform the operation sequence 22 with the second false square operation SQ′′ and the second false multiplication operation MT′′ inserted therein. In performing the operation sequence 22 , the decryption component 110 also performs the operation sequence 24 , so that one of the square operation SQ and the second false square operation SQ′′ is performed concurrent with the first false multiplication operation MT′, and one of the multiplication operation MT and the second false multiplication operation MT′′ is performed concurrent with the first false square operation SQ′. In such a manner, in the decryption operation, it is difficult for the attacker to identify the RSA private key from the measured operation sequence 26 .
  • the decryption component 110 may include a decryption circuit, such as a decryption circuit 112 as shown in FIG. 6 , for performing the decryption operation described above.
  • the decryption circuit 112 includes a squarer SQC, a multiplier MTC, a multiplexer MUX, and a register REG.
  • the input end of the squarer SQC and the first input end of the multiplier MTC are electrically connected to the output end of the register REG and an input end of the encrypted data N.
  • the second input end of the multiplier MTC is configured to receive the encrypted data N.
  • the output end of the squarer SQC and the output end of the multiplier MTC are respectively and electrically connected to the first input end and the second input end of the multiplexer MUX.
  • the control end of the multiplexer MUX is configured to receive a control signal CS, in which the control signal CS corresponds to the RSA private key.
  • the output end of the multiplexer MUX is electrically connected to the input end of the register REG.
  • the squarer SQC performs a square operation to the input value so as to generate an output of the squarer
  • the multiplier MTC performs a multiplication operation with the input value and the encrypted data N to generate an output of multiplier, in which the input value may be the encrypted data N or an output of the register REG.
  • the multiplexer MUX outputs one of the output of the squarer and the output of multiplier as a multiplexer output according to the control signal CS.
  • the register REG receives the multiplexer output, temporarily stores the multiplexer output, and provides the multiplexer output to the squarer SQC and the multiplier MTC to serve as a new input value.
  • the square operation performed by the squarer SQC is performed concurrent with the multiplication operation performed by the multiplier MTC, so that it is difficult for an attacker to acquire the operations in the decryption operation performed by the decryption device 100 and the corresponding RSA private key through measuring a relevant signal of the decryption device 100 .
  • both the input values of the squarer SQC and the multiplier MTC are N.
  • the squarer SQC performs a square operation and outputs N ⁇ 2.
  • the multiplier MTC performs a multiplication operation and outputs N ⁇ 2.
  • the multiplexer MUX selects the output of the squarer as a first multiplexer output according to the control signal CS.
  • the register REG temporarily stores the first multiplexer output and provides the first multiplexer output to the squarer SQC and the multiplier MTC in a next period.
  • both the input values of the squarer SQC and the multiplier MTC are N ⁇ 2.
  • the squarer SQC performs a square operation and outputs NM.
  • the multiplier MTC performs a multiplication operation and outputs N ⁇ 3.
  • the multiplexer MUX selects the output of multiplier (i.e., N ⁇ 3) as a second multiplexer output according to the control signal CS.
  • the register REG temporarily stores the second multiplexer output and provides the second multiplexer output to the squarer SQC and the multiplier MTC in a next period. The rest may be deduced by analogy.
  • the decryption circuit 112 may further include a controller CTL (shown by the dashed line).
  • the controller CTL is electrically connected to the register REG, and is configured for controlling the register REG to either provide or not provide the new multiplexer output to the squarer SQC and the multiplier MTC.
  • the controller CTL can control the register REG to maintain the original multiplexer output and provide the original multiplexer output to the squarer SQC and the multiplier MTC.
  • the controller CTL can control the register REG to temporarily store the new multiplexer output and provide the new multiplexer output to the squarer SQC and the multiplier MTC.
  • both the input values of the squarer SQC and of the multiplier MTC are N, and both of the squarer SQC and the multiplier MTC output N ⁇ 2.
  • the multiplexer MUX selects the output of the squarer as a first multiplexer output according to the control signal CS.
  • the controller CTL controls the register REG to temporarily store the first multiplexer output, so that the register REG provides the first multiplexer output to the squarer SQC and the multiplier MTC in a next period.
  • both the input values of the squarer SQC and the multiplier MTC are N ⁇ 2.
  • the multiplexer MUX selects the output of multiplier as a second multiplexer output according to the control signal CS.
  • the controller CTL controls the register REG to maintain the first multiplexer output, so that the register REG provides the first multiplexer output to the squarer SQC and the multiplier MTC in a next period.
  • both the input values of the squarer SQC and the multiplier MTC are N ⁇ 2.
  • the multiplexer MUX selects the output of the squarer as a third multiplexer output according to the control signal CS.
  • the controller CTL controls the register REG to maintain the first multiplexer output, so that the register REG provides the first multiplexer output to the squarer SQC and the multiplier MTC in a next period.
  • both the input values of the squarer SQC and the multiplier MTC are N ⁇ 2.
  • the multiplexer MUX selects the output of multiplier (i.e., N ⁇ 3) as a fourth multiplexer output according to the control signal CS.
  • the controller CTL controls the register REG to temporarily store the fourth multiplexer output, so that the register REG provides the fourth multiplexer output to the squarer SQC and the multiplier MTC in a next period to serve as a new input value.
  • the decryption component 110 may include a decryption circuit 114 as shown in FIG. 7 for performing the decryption operation described above.
  • the decryption circuit 114 includes a multiplier MTC, a multiplexer MUX, a register REG, and a controller CTL.
  • the first input end of the multiplexer MUX is electrically connected to the output end of the register REG and the input end of the encrypted data N.
  • the second input end of the multiplexer MUX is configured to receive the encrypted data N.
  • the control end of the multiplexer MUX is configured to receive a control signal CS.
  • the output end of the multiplexer MUX is electrically connected to a first input end of the multiplier MTC.
  • the second input end of the multiplier MTC is electrically connected to the output end of the register REG and the input end of the encrypted data N.
  • the output end of the multiplier MTC is electrically connected to the register REG.
  • the controller CTL is electrically connected to the register REG.
  • the multiplexer MUX is configured to output the received input value or the received encrypted data N according to the RSA private key (e.g., the control signal CS), in which the input value may be the encrypted data N or an output of the register REG.
  • the multiplier MTC is configured to perform a multiplication operation with the input value and a multiplexer output (i.e., the output of the multiplexer MUX) to generate an output of multiplier.
  • the register REG is configured to receive the output of multiplier, to temporarily store the output of multiplier, and to provide the output of multiplier to the multiplexer MUX and the multiplier MTC to serve as a new input value.
  • the controller CTL is configured to control the register REG to provide or not provide the new output of multiplier to the multiplexer MUX and the multiplier MTC, in which the function of the controller CTL described herein may be identical to the controller CTL shown in FIG. 6 .
  • both the input values of the squarer SQC and the multiplier MTC are N.
  • the multiplexer MUX selects the input value as the multiplexer output according to the control signal CS.
  • the multiplier MTC outputs N ⁇ 2 as a first output of multiplier.
  • the controller CTL controls the register REG to maintain an original value (e.g., a NULL value), so that the register REG provides the original value to the multiplexer MUX and the multiplier MTC in a next period (e.g., period P 2 ).
  • both the input values of the squarer SQC and the multiplier MTC are still N.
  • the multiplexer MUX selects the encrypted data N as the multiplexer output according to the control signal CS.
  • the multiplier MTC outputs N ⁇ 2 as a second output of multiplier.
  • the controller CTL controls the register REG to maintain the original value, so that the register REG provides the original value to the multiplexer MUX and the multiplier MTC in a next period.
  • period P 3 The operations in period P 3 are similar to the operations in period P 1 , and therefore, a description in this regard is not repeated herein.
  • both the input values of the squarer SQC and the multiplier MTC are still N.
  • the multiplexer MUX selects the input value as the multiplexer output according to the control signal CS.
  • the multiplier MTC outputs N ⁇ 2 as a fourth output of multiplier.
  • the controller CTL controls the register REG to temporarily store the fourth output of multiplier, so that the register REG provides the fourth output of multiplier to the multiplexer MUX and the multiplier MTC in a next period. The rest may be deduced by analogy.

Abstract

A decryption method includes receiving encrypted data, in which the encrypted data is encrypted by an RSA public key; and performing at least one multiplication operation and at least one square operation according to an RSA private key and the encrypted data to acquire decrypted data. A false square operation is performed in performing one of the at least one multiplication operation, or a false multiplication operation is performed in performing one of the at least one square operation.

Description

RELATED APPLICATIONS
This application claims priority to Taiwanese Application Serial Number 104132890 filed Oct. 6, 2015, which is herein incorporated by reference.
BACKGROUND
Technical Field
The present disclosure relates to a device, a method and a circuit. More particularly, the present disclosure relates to a decryption device, a decryption method, and a circuit.
Description of Related Art
An RSA encryption algorithm is an asymmetric encryption algorithm. An encryption device can use an RSA public key to encrypt a message. After the encrypted message is received by the decryption device, the decryption device can use an RSA private key to decrypt the encrypted message.
However, when the decryption device performs the decryption, an attacker may measure a relevant signal (e.g., a voltage or power) of the decryption device to determine the operation performed by the decryption device, so as to acquire the RSA private key used in the decryption device.
Therefore, a decryption method capable of defending against sideband attacks is desired.
SUMMARY
One aspect of the present disclosure is related to a decryption method. The decryption method includes receiving encrypted data, in which the encrypted data is encrypted by an RSA public key, and performing at least one multiplication operation and at least one square operation according to an RSA private key and the encrypted data to acquire decrypted data. A first false square operation is performed in performing one of the at least one multiplication operation, or a first false multiplication operation is performed in performing one of the at least one square operation.
Another aspect of the present disclosure relates to a decryption device. The decryption device includes a communication module and a decryption component. The decryption component is configured for receiving, through the communication module, encrypted data, in which the encrypted data is encrypted by an RSA public key, and performing at least one multiplication operation and at least one square operation according to an RSA private key and the encrypted data to acquire decrypted data. A first false square operation is performed in performing one of the at least one multiplication operation, or a first false multiplication operation is performed in performing one of the at least one square operation.
Another aspect of the present disclosure is related to a decryption circuit. The decryption circuit includes a squarer, a multiplier, a multiplexer, and a register. The squarer receives an input value, and perform a square operation to the input value to generate an output of the squarer. The multiplier receives the input value and encrypted data, and performs a multiplication operation with the input value and the encrypted data to generate an output of the multiplier. The multiplexer receives the output of the squarer and the output of multiplier, and outputs one of the output of the squarer and the output of multiplier as a multiplexer output according to an RSA private key. The register temporarily stores the multiplexer output, and provides the multiplexer output to the squarer and the multiplier to serve as a new input value. The square operation and the multiplication operation are performed simultaneously.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic block diagram of a decryption system according to one embodiment of the present disclosure.
FIG. 2 is a flowchart of a decryption method according to one embodiment of the present disclosure.
FIG. 3 illustrates an operative example of a decryption method according to one embodiment of the present disclosure.
FIG. 4 illustrates an operative example of a decryption method according to one embodiment of the present disclosure.
FIG. 5 illustrates an operative example of a decryption method according to one embodiment of the present disclosure.
FIG. 6 is a schematic block diagram of a decryption circuit according to one embodiment of the present disclosure.
FIG. 7 is a schematic block diagram of a decryption circuit according to one embodiment of the present disclosure.
 DETAILED DESCRIPTION
FIG. 1 is a schematic block diagram of a decryption system 10 according to one embodiment of the present disclosure. The decryption system 10 includes a decryption device 100 and an encryption device 20. The encryption device 20 is configured to use an RSA public key to encrypt a message so as to generate encrypted data N. The decryption device 100 is configured to receive the encrypted data N and decrypt the encrypted data N.
The decryption device 100 includes a decryption component 110 and a communication module 120 electrically connected to each other. The communication module 120 is configured to receive the encrypted data N from the encryption device 20 and to transmit the encrypted data N to the decryption component 110. The decryption component 110 is configured to decrypt the encrypted data N.
In one embodiment, the decryption component 110 can be realized by a central processor, a microprocessor, or another suitable calculating device performing specific commands or specific computer programs, or can be realized by a circuit. In one embodiment, the communication module 120 can be realized by a wired or wireless communication component.
Referring to FIG. 2, a decryption method 200 can be applied to a device having a structure that is the same as or similar to the decryption device 100 shown in FIG. 1. In the following paragraphs, the embodiment shown in FIG. 1 is used as an example to describe the decryption method 200 according to an embodiment of the present disclosure.
Step S1: The decryption component 110 receives encrypted data N from the encryption device 20 through the communication module 120. The encrypted data N is encrypted by an RSA public key.
Step S2: The decryption component 110 decrypts the encrypted data N. The decryption component 110 performs at least one multiplication operation and at least one square operation according to an RSA private key and the encrypted data N to decrypt the encrypted data N and acquire decrypted data, in which the RSA private key corresponds to the RSA public key.
A descriptive example is described with reference to Table 1. For this example, a value of the RSA private key is 123, and a binary form of the RSA private key is 2′1111011. In the decryption operation, a multiplication operation and/or a square operation are/is performed corresponding to each of the bits sequentially. Taking the sequence 2 in FIG. 3 as an example, in period T1, the decryption component 110 performs a square operation SQ. In periods T2 and T3, since a second bit from the left of the binary form of the RSA private key is 1, the decryption component 110 sequentially performs a multiplication operation MT and a square operation SQ. In period T8, since a fifth bit from the left of the binary form of the RSA private key is 0, the decryption component 110 performs a multiplication operation MT.
TABLE 1
binary form
1 1 1 1 0 1 1
multiplication operation
Figure US10084599-20180925-P00001
Figure US10084599-20180925-P00001
Figure US10084599-20180925-P00001
Figure US10084599-20180925-P00001
Figure US10084599-20180925-P00001
square operation
Figure US10084599-20180925-P00001
Figure US10084599-20180925-P00001
Figure US10084599-20180925-P00001
Figure US10084599-20180925-P00001
Figure US10084599-20180925-P00001
Figure US10084599-20180925-P00001
In the decryption operation, the number of times that the multiplication operations are performed corresponds to the number of “1's” in the binary form of the RSA private key. For example, in Table 1, other than the first bit from the left, there are five “1's” in the binary form of the RSA private key, and therefore, the multiplication operations are performed five times in the decryption operation. In addition, in the decryption operation, the number of times that the square operations are performed corresponds to a binary bit length of the RSA private key. For example, since the binary bit length of the RSA private key is 7, the square operation is performed 7−1=6 times in the decryption operation.
It should be noted that, when a multiplication operation is performed, the decryption component 110 performs a first false square operation according to the encrypted data N at the same time. Also, when a square operation is performed, the decryption component 110 performs a first false multiplication operation according to the encrypted data N at the same time. The calculation result of the first false square operation or the calculation result of the first false multiplication operation is not used in generating the decrypted data. Since the first false square operation or the first false multiplication operation is performed concurrent with the multiplication operation or the square operation respectively, it is difficult for an attacker to acquire the operations in the decryption operation performed by the decryption device 100 and the corresponding RSA private key through measuring a relevant signal (e.g., power, current, voltage, temperature, frequency) of the decryption device 100.
In one embodiment, the number of times the first false multiplication operation is performed is equal to or less than the number of times the square operation is performed. Similarly, the number of times the first false square operation is performed is equal to or less than the number of times the multiplication operation is performed.
In the paragraphs below, an operative example is provided with reference to FIG. 3. In this operative example, the value of the RSA private key is 123, and a binary form of the RSA private key is 2′1111011. When the decryption component 110 performs a square operation SQ, a corresponding waveform of a relevant signal of the decryption device 100 has a characteristic value (e.g., amplitude) a1, and when the decryption component 110 performs a multiplication operation MT, a corresponding waveform of the relevant signal of the decryption device 100 has a characteristic value a2.
In addition, in this operative example, when the decryption component 110 sequentially performs the operations in the operation sequence 2, the decryption component 110 also sequentially performs the first false multiplication operations MT′ and first false square operations SQ′ in the sequence 4, so that each of the square operations SQ and each of the first false multiplication operations MT′ are performed concurrently, and each of the multiplication operations MT and each of the first false square operations SQ′ are performed concurrently. When the decryption component 110 performs the first false square operation SQ′, a corresponding waveform of a relevant signal of the decryption device 100 has the characteristic value a1, and when the decryption component 110 performs the first false multiplication operation MT′, a corresponding waveform of the relevant signal of the decryption device 100 has the characteristic value a2.
Through such operations, in the decryption operation, even if an attacker measures the relevant signal of the decryption device 100, the attacker can only acquire the sequence 6 which is the result of summing relevant signals of the sequence 2 and the sequence 4, and it is therefore difficult to identify the RSA private key from such a measurement result.
In some embodiments of the present disclosure, before or after the at least one multiplication operation or the at least one square operation is performed, the decryption component 110 performs at least one second false square operation or at least one second false multiplication operation. The second false square operation and the second false multiplication operation are null operations, which are configured to be inserted before, between, or after the original operation sequence (e.g., the operation sequence 2 in FIG. 3), to confuse any attacker who might measure a relevant signal of the decryption device 100.
In one embodiment, the square operation or the second false square operation is performed between two of the second false multiplication operations, two of the multiplication operations, or one of the second false multiplication operations and one of the multiplication operations. In such a manner, presentation of an abnormal sequence after the second false multiplication operations and the second false square operations are inserted can be avoided, so as to prevent an attacker from acquiring additional information.
In the paragraphs below, an operative example is provided with reference to FIG. 4. In this operative example, the value of the RSA private key is 123, and a binary form of the RSA private key is 2′1111011. In the decryption operation, the decryption component 110 sequentially performs the square operation SQ, the multiplication operation MT, the second square operation SQ″, and the second multiplication operation MT″. The calculation result of the second false square operation SQ″ or the calculation result of the second false multiplication operation MT″ is not used in generating the decrypted data. In such a manner, in the decryption operation, even if an attacker measures a relevant signal to acquire the operations in the operation sequence 8 performed by the decryption device 100, it is difficult for the attacker to identify the RSA private key.
Reference is made to FIG. 5. The decryption component 110 can perform the operation sequence 22 with the second false square operation SQ″ and the second false multiplication operation MT″ inserted therein. In performing the operation sequence 22, the decryption component 110 also performs the operation sequence 24, so that one of the square operation SQ and the second false square operation SQ″ is performed concurrent with the first false multiplication operation MT′, and one of the multiplication operation MT and the second false multiplication operation MT″ is performed concurrent with the first false square operation SQ′. In such a manner, in the decryption operation, it is difficult for the attacker to identify the RSA private key from the measured operation sequence 26.
In one embodiment of the present disclosure, the decryption component 110 may include a decryption circuit, such as a decryption circuit 112 as shown in FIG. 6, for performing the decryption operation described above. As illustrated in FIG. 6, the decryption circuit 112 includes a squarer SQC, a multiplier MTC, a multiplexer MUX, and a register REG. The input end of the squarer SQC and the first input end of the multiplier MTC are electrically connected to the output end of the register REG and an input end of the encrypted data N. The second input end of the multiplier MTC is configured to receive the encrypted data N. The output end of the squarer SQC and the output end of the multiplier MTC are respectively and electrically connected to the first input end and the second input end of the multiplexer MUX. The control end of the multiplexer MUX is configured to receive a control signal CS, in which the control signal CS corresponds to the RSA private key. The output end of the multiplexer MUX is electrically connected to the input end of the register REG.
The squarer SQC performs a square operation to the input value so as to generate an output of the squarer, and the multiplier MTC performs a multiplication operation with the input value and the encrypted data N to generate an output of multiplier, in which the input value may be the encrypted data N or an output of the register REG. The multiplexer MUX outputs one of the output of the squarer and the output of multiplier as a multiplexer output according to the control signal CS. The register REG receives the multiplexer output, temporarily stores the multiplexer output, and provides the multiplexer output to the squarer SQC and the multiplier MTC to serve as a new input value.
In this embodiment, the square operation performed by the squarer SQC is performed concurrent with the multiplication operation performed by the multiplier MTC, so that it is difficult for an attacker to acquire the operations in the decryption operation performed by the decryption device 100 and the corresponding RSA private key through measuring a relevant signal of the decryption device 100.
For example, referring to both FIGS. 3 and 6, in period T1, both the input values of the squarer SQC and the multiplier MTC are N. The squarer SQC performs a square operation and outputs N^2. Concurrently, the multiplier MTC performs a multiplication operation and outputs N^2. The multiplexer MUX selects the output of the squarer as a first multiplexer output according to the control signal CS. The register REG temporarily stores the first multiplexer output and provides the first multiplexer output to the squarer SQC and the multiplier MTC in a next period.
In period T2, both the input values of the squarer SQC and the multiplier MTC are N^2. The squarer SQC performs a square operation and outputs NM. Concurrently, the multiplier MTC performs a multiplication operation and outputs N^3. The multiplexer MUX selects the output of multiplier (i.e., N^3) as a second multiplexer output according to the control signal CS. The register REG temporarily stores the second multiplexer output and provides the second multiplexer output to the squarer SQC and the multiplier MTC in a next period. The rest may be deduced by analogy.
By implementing the operations described above, it is difficult for an attacker to acquire the operations in the decryption operation performed by the decryption device 100 and the corresponding RSA private key through measuring a relevant signal of the decryption device 100.
In one embodiment, the decryption circuit 112 may further include a controller CTL (shown by the dashed line). The controller CTL is electrically connected to the register REG, and is configured for controlling the register REG to either provide or not provide the new multiplexer output to the squarer SQC and the multiplier MTC.
For example, in a first operating state, when the register REG receives a new multiplexer output, the controller CTL can control the register REG to maintain the original multiplexer output and provide the original multiplexer output to the squarer SQC and the multiplier MTC. In a second operating state, when the register REG receives a new multiplexer output, the controller CTL can control the register REG to temporarily store the new multiplexer output and provide the new multiplexer output to the squarer SQC and the multiplier MTC.
For instance, referring to both FIGS. 5 and 6, in period Q1, both the input values of the squarer SQC and of the multiplier MTC are N, and both of the squarer SQC and the multiplier MTC output N^2. The multiplexer MUX selects the output of the squarer as a first multiplexer output according to the control signal CS. The controller CTL controls the register REG to temporarily store the first multiplexer output, so that the register REG provides the first multiplexer output to the squarer SQC and the multiplier MTC in a next period.
In period Q2, both the input values of the squarer SQC and the multiplier MTC are N^2. The squarer SQC outputs N^4, and the multiplier MTC outputs N^3 concurrently. The multiplexer MUX selects the output of multiplier as a second multiplexer output according to the control signal CS. The controller CTL controls the register REG to maintain the first multiplexer output, so that the register REG provides the first multiplexer output to the squarer SQC and the multiplier MTC in a next period.
In period Q3, both the input values of the squarer SQC and the multiplier MTC are N^2. The squarer SQC outputs N^4, and the multiplier MTC outputs N^3 concurrently. The multiplexer MUX selects the output of the squarer as a third multiplexer output according to the control signal CS. The controller CTL controls the register REG to maintain the first multiplexer output, so that the register REG provides the first multiplexer output to the squarer SQC and the multiplier MTC in a next period.
In period Q4, both the input values of the squarer SQC and the multiplier MTC are N^2. The squarer SQC outputs N^4, and the multiplier MTC outputs N^3 concurrently. The multiplexer MUX selects the output of multiplier (i.e., N^3) as a fourth multiplexer output according to the control signal CS. The controller CTL controls the register REG to temporarily store the fourth multiplexer output, so that the register REG provides the fourth multiplexer output to the squarer SQC and the multiplier MTC in a next period to serve as a new input value.
As a result of the operations described above, it is difficult for an attacker to acquire the operations in the decryption operation performed by the decryption device 100 and the corresponding RSA private key through measuring a relevant signal of the decryption device 100.
In an alternative embodiment of the present disclosure, the decryption component 110 may include a decryption circuit 114 as shown in FIG. 7 for performing the decryption operation described above. In the embodiment of FIG. 7, the decryption circuit 114 includes a multiplier MTC, a multiplexer MUX, a register REG, and a controller CTL. The first input end of the multiplexer MUX is electrically connected to the output end of the register REG and the input end of the encrypted data N. The second input end of the multiplexer MUX is configured to receive the encrypted data N. The control end of the multiplexer MUX is configured to receive a control signal CS. The output end of the multiplexer MUX is electrically connected to a first input end of the multiplier MTC. The second input end of the multiplier MTC is electrically connected to the output end of the register REG and the input end of the encrypted data N. The output end of the multiplier MTC is electrically connected to the register REG. The controller CTL is electrically connected to the register REG.
The multiplexer MUX is configured to output the received input value or the received encrypted data N according to the RSA private key (e.g., the control signal CS), in which the input value may be the encrypted data N or an output of the register REG. The multiplier MTC is configured to perform a multiplication operation with the input value and a multiplexer output (i.e., the output of the multiplexer MUX) to generate an output of multiplier. The register REG is configured to receive the output of multiplier, to temporarily store the output of multiplier, and to provide the output of multiplier to the multiplexer MUX and the multiplier MTC to serve as a new input value. The controller CTL is configured to control the register REG to provide or not provide the new output of multiplier to the multiplexer MUX and the multiplier MTC, in which the function of the controller CTL described herein may be identical to the controller CTL shown in FIG. 6.
For example, referring to both FIGS. 4 and 6, in period P1, both the input values of the squarer SQC and the multiplier MTC are N. The multiplexer MUX selects the input value as the multiplexer output according to the control signal CS. The multiplier MTC outputs N^2 as a first output of multiplier. The controller CTL controls the register REG to maintain an original value (e.g., a NULL value), so that the register REG provides the original value to the multiplexer MUX and the multiplier MTC in a next period (e.g., period P2).
In period P2, both the input values of the squarer SQC and the multiplier MTC are still N. The multiplexer MUX selects the encrypted data N as the multiplexer output according to the control signal CS. The multiplier MTC outputs N^2 as a second output of multiplier. The controller CTL controls the register REG to maintain the original value, so that the register REG provides the original value to the multiplexer MUX and the multiplier MTC in a next period.
The operations in period P3 are similar to the operations in period P1, and therefore, a description in this regard is not repeated herein.
In period P4, both the input values of the squarer SQC and the multiplier MTC are still N. The multiplexer MUX selects the input value as the multiplexer output according to the control signal CS. The multiplier MTC outputs N^2 as a fourth output of multiplier. The controller CTL controls the register REG to temporarily store the fourth output of multiplier, so that the register REG provides the fourth output of multiplier to the multiplexer MUX and the multiplier MTC in a next period. The rest may be deduced by analogy.
As a result of the operations described above, it is difficult for an attacker to acquire the operations in the decryption operation performed by the decryption device 100 and the corresponding RSA private key through measuring a relevant signal of the decryption device 100.
Although the present disclosure has been described in considerable detail with reference to certain embodiments thereof, other embodiments are possible. Therefore, the scope of the appended claims should not be limited to the description of the embodiments contained herein.

Claims (20)

What is claimed is:
1. A decryption method comprising:
receiving, by a communication module of a decryption device, encrypted data, wherein the encrypted data is encrypted by an RSA public key;
performing, by a decryption circuitry of the decryption device, at least one multiplication operation and at least one square operation according to an RSA private key and the encrypted data to acquire decrypted data; and
performing, by the decryption circuitry, a first false square operation and a first false multiplication operation according to the encrypted data,
wherein the first false square operation and one of the at least one multiplication operation are performed at the same time, and the first false multiplication operation and one of the at least one square operation are performed at the same time,
wherein the first false square operation is performed whenever the at least one multiplication operation is performed, and the first false multiplication operation is performed whenever the at least one square operation is performed, such that a signal of the decryption circuitry indicating a process of acquiring the decrypted data is a result of summing a signal indicating the first false square operation and a signal indicating the at least one multiplication operation or a result of summing a signal indicating the first false multiplication operation and a signal indicating the at least one square operation, in order to increase a difficulty for an attack to identify the RSA private key.
2. The decryption method as claimed in claim 1, wherein a calculation result of the first false square operation or a calculation result of the first false multiplication operation is not used in generating the decrypted data.
3. The decryption method as claimed in claim 1, wherein a number of times the first false multiplication operation is performed corresponds to a binary bit length of the RSA private key.
4. The decryption method as claimed in claim 1, wherein a number of times the first false multiplication operation is performed and a number of times the at least one square operation is performed are identical.
5. The decryption method as claimed in claim 1, wherein a binary form of the RSA private key comprises a plurality of bits, and a number of times the first square operation is performed corresponding to a number of “1's” in the binary form of the RSA private key.
6. The decryption method as claimed in claim 1, wherein a number of times the first square operation is performed and a number of times the at least one multiplication operation is performed are identical.
7. The decryption method as claimed in claim 1 further comprising:
performing at least one second false square operation or at least one second false multiplication operation before or after the at least one multiplication operation or the at least one square operation is performed.
8. The decryption method as claimed in claim 7, wherein the square operation or the second false square operation is performed between two of the at least one second false multiplication operation, between two of the at least one multiplication operation, or between the at least one second false multiplication operation and the at least one multiplication operation.
9. A decryption device comprises:
a communication module; and
a decryption circuitry configured for:
receiving, through the communication module, encrypted data, wherein the encrypted data is encrypted by an RSA public key;
performing at least one multiplication operation and at least one square operation according to an RSA private key and the encrypted data to acquire decrypted data; and
performing a first false square operation and a first false multiplication operation according to the encrypted data,
wherein the first false square operation and one of the at least one multiplication operation are performed at the same time, and the first false multiplication operation and one of the at least one square operation are performed at the same time,
wherein the first false square operation is performed whenever the at least one multiplication operation is performed, and the first false multiplication operation is performed whenever the at least one square operation is performed, such that a signal of the decryption circuitry indicating a process of acquiring the decrypted data is a result of summing a signal indicating the first false square operation and a signal indicating the at least one multiplication operation or a result of summing a signal indicating the first false multiplication operation and a signal indicating the at least one square operation, in order to increase a difficulty for an attack to identify the RSA private key.
10. The decryption device as claimed in claim 9, wherein a calculation result of the first false square operation or a calculation result of the first false multiplication operation is not used in generating the decrypted data.
11. The decryption device as claimed in claim 9, wherein a number of times the first false multiplication operation is performed corresponds to a binary bit length of the RSA private key.
12. The decryption device as claimed in claim 9, wherein a number of times the first false multiplication operation is performed and a number of times the at least one square operation is performed are identical.
13. The decryption device as claimed in claim 9, wherein a binary form of the RSA private key comprises a plurality of bits, and a number of times the first square operation is performed corresponds to a number of “1's” in the binary form of the RSA private key.
14. The decryption device as claimed in claim 9, wherein a number of times the first square operation is performed and a number of times the at least one multiplication operation is performed are identical.
15. The decryption device as claimed in claim 9, wherein the decryption circuitry is further configured for:
performing at least one second false square operation or at least one second false multiplication operation before or after the at least one multiplication operation or the at least one square operation is performed.
16. The decryption device as claimed in claim 15, wherein the square operation or the second false square operation is performed between two of the at least one second false multiplication operation, two of the at least one multiplication operation, or the at least one second false multiplication operation and the at least one multiplication operation.
17. A decryption circuit comprising:
a squarer configured to receive an input value, and perform a square operation to the input value to generate an output of the squarer;
a multiplier configured to receive the input value and encrypted data, and perform a multiplication operation with the input value and the encrypted data to generate an output of multiplier;
a multiplexer configured to receive the output of the squarer and the output of multiplier, and output one of the output of the squarer and the output of multiplier as a multiplexer output according to an RSA private key; and
a register configured to temporarily store the multiplexer output, and provide the multiplexer output to the squarer and the multiplier to serve as a new input value;
wherein the square operation and the multiplication operation are performed simultaneously, the square operation performed by the squarer is a false square operation if the multiplier performs the multiplication operation, and the multiplication operation performed by the multiplier is a false multiplication operation if the squarer performs the square operation,
wherein the false square operation is performed whenever the multiplication operation is performed, and the false multiplication operation is performed whenever the square operation is performed, such that a signal of the decryption circuit indicating a process of processing the encrypted data is a result of summing the output of the squarer indicating the false square operation and the output of the multiplier indicating the multiplication operation or a result of summing the output of the squarer indicating the square operation and the output of the multiplier indicating the false multiplication operation, in order to increase a difficulty for an attack to identify the RSA private key.
18. The decryption circuit as claimed in claim 17, wherein the input value is equal to the encrypted data, and the encrypted data is encrypted by an RSA public key.
19. The decryption circuit as claimed in claim 17 further comprising:
a controller, wherein in a first operating state, when the register receives a new multiplexer output, the controller controls the register to maintain the multiplexer output and provide the multiplexer output to the squarer and the multiplier.
20. The decryption circuit as claimed in claim 19, wherein in a second operating state, when the register receives the new multiplexer output, the controller controls the register to temporarily store the new multiplexer output and provide the new multiplexer output to the squarer and the multiplier.
US15/088,149 2015-10-06 2016-04-01 Decryption device, method, and circuit Active 2036-10-18 US10084599B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
TW104132890 2015-10-06
TW104132890A TWI575924B (en) 2015-10-06 2015-10-06 Decryption device, method and circuit
TW104132890A 2015-10-06

Publications (2)

Publication Number Publication Date
US20170099142A1 US20170099142A1 (en) 2017-04-06
US10084599B2 true US10084599B2 (en) 2018-09-25

Family

ID=58446849

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/088,149 Active 2036-10-18 US10084599B2 (en) 2015-10-06 2016-04-01 Decryption device, method, and circuit

Country Status (2)

Country Link
US (1) US10084599B2 (en)
TW (1) TWI575924B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI575924B (en) * 2015-10-06 2017-03-21 瑞昱半導體股份有限公司 Decryption device, method and circuit
TWI580243B (en) 2015-10-06 2017-04-21 瑞昱半導體股份有限公司 Decryption device, method and circuit

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6748410B1 (en) * 1997-05-04 2004-06-08 M-Systems Flash Disk Pioneers, Ltd. Apparatus and method for modular multiplication and exponentiation based on montgomery multiplication
US7269261B1 (en) * 1999-09-22 2007-09-11 Raytheon Company Key escrow systems
CN101292274A (en) 2005-10-19 2008-10-22 松下电器产业株式会社 Information security device, information security method, computer program, computer-readable recording medium, and integrated circuit
US20090180610A1 (en) * 2006-04-06 2009-07-16 Nxp B.V. Decryption method
US20090228717A1 (en) * 2006-04-28 2009-09-10 Yuichi Futa System for making program difficult to read, device for making program difficult to read, and method for making program difficult to read
US20100257318A1 (en) 2009-04-03 2010-10-07 Samsung Electronics Co., Ltd. Evicting code sections from secondary memory to improve the security of computing systems
US20110194694A1 (en) * 2005-01-18 2011-08-11 Certicom Corp. Accelerated Verification of Digital Signatures and Public Keys
US20120221618A1 (en) * 2011-02-25 2012-08-30 Inside Secure Encryption method comprising an exponentiation operation
US20130016828A1 (en) * 2011-07-13 2013-01-17 Stmicroelectronics (Rousset) Sas Protection of a modular exponentiation calculation by multiplication by a random quantity
US20140129604A1 (en) * 2012-11-07 2014-05-08 Inside Secure Cryptographic method comprising a modular exponentiation operation
US20140281573A1 (en) * 2013-03-15 2014-09-18 Cryptography Research, Inc. Asymmetrically masked multiplication
US20170099142A1 (en) * 2015-10-06 2017-04-06 Realtek Semiconductor Corporation Decryption device, method, and circuit

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3709553B2 (en) * 2000-12-19 2005-10-26 インターナショナル・ビジネス・マシーンズ・コーポレーション Arithmetic circuit and arithmetic method

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6748410B1 (en) * 1997-05-04 2004-06-08 M-Systems Flash Disk Pioneers, Ltd. Apparatus and method for modular multiplication and exponentiation based on montgomery multiplication
US7269261B1 (en) * 1999-09-22 2007-09-11 Raytheon Company Key escrow systems
US20110194694A1 (en) * 2005-01-18 2011-08-11 Certicom Corp. Accelerated Verification of Digital Signatures and Public Keys
CN101292274A (en) 2005-10-19 2008-10-22 松下电器产业株式会社 Information security device, information security method, computer program, computer-readable recording medium, and integrated circuit
US20100064142A1 (en) * 2005-10-19 2010-03-11 Natsume Matsuzaki Information security device, information security method, computer program, computer-readable recording medium, and integrated circuit
US20090180610A1 (en) * 2006-04-06 2009-07-16 Nxp B.V. Decryption method
US20090228717A1 (en) * 2006-04-28 2009-09-10 Yuichi Futa System for making program difficult to read, device for making program difficult to read, and method for making program difficult to read
US20100257318A1 (en) 2009-04-03 2010-10-07 Samsung Electronics Co., Ltd. Evicting code sections from secondary memory to improve the security of computing systems
US20120221618A1 (en) * 2011-02-25 2012-08-30 Inside Secure Encryption method comprising an exponentiation operation
US20130016828A1 (en) * 2011-07-13 2013-01-17 Stmicroelectronics (Rousset) Sas Protection of a modular exponentiation calculation by multiplication by a random quantity
US20140129604A1 (en) * 2012-11-07 2014-05-08 Inside Secure Cryptographic method comprising a modular exponentiation operation
US20140281573A1 (en) * 2013-03-15 2014-09-18 Cryptography Research, Inc. Asymmetrically masked multiplication
US20170099142A1 (en) * 2015-10-06 2017-04-06 Realtek Semiconductor Corporation Decryption device, method, and circuit

Also Published As

Publication number Publication date
TWI575924B (en) 2017-03-21
US20170099142A1 (en) 2017-04-06
TW201714426A (en) 2017-04-16

Similar Documents

Publication Publication Date Title
CN112291190B (en) Identity authentication method, terminal and server
US20170364691A1 (en) Method and System for Controlling Encryption of Information and Analyzing Information as well as Terminal
US10778431B2 (en) Encrypted text conversion device, computer readable medium, and encryption text conversion method
US20160197729A1 (en) Location aware cryptography
AU2022100184A4 (en) System for and method of authenticating a component of an electronic device
CN105095097B (en) The memory access of randomization
CN105337736A (en) Fully-homomorphic message authentication method, device and system
US20170272243A1 (en) Encryption apparatus, decryption apparatus, cryptography processing system, encryption method, decryption method, encryption program, and decryption program
US11533181B2 (en) Information processing apparatus, registration apparatus, information processing method, and registration method
Tsai et al. A secure ECC-based electronic medical record system.
JP2012080152A (en) Encryption system, encryption apparatus, decryption apparatus, encryption system program and encryption method
US11101981B2 (en) Generating a pseudorandom number based on a portion of shares used in a cryptographic operation
US10084599B2 (en) Decryption device, method, and circuit
US10057063B2 (en) Decryption device, method, and circuit
CN113364595B (en) Power grid private data signature aggregation method and device and computer equipment
Martinasek et al. General scheme of differential power analysis
WO2019079048A1 (en) Protecting modular inversion operation from external monitoring attacks
Tsai et al. An ECC-based secure EMR transmission system with data leakage prevention scheme
US20150215113A1 (en) Hash value calculation device, hash value calculation method, and hash value calculation program
CN106571922B (en) Decryption device, method and circuit
CN106571916B (en) Decryption device, method and circuit
CN103580858B (en) RSA Algorithm private key element acquisition methods and acquisition device
US11575742B2 (en) Information processing device for generating registration data in a peer-to-peer network
JP5640531B2 (en) Encryption key analysis method, encryption key analysis device, and encryption key analysis program
JP6516610B2 (en) Memory device, host device, and memory system

Legal Events

Date Code Title Description
AS Assignment

Owner name: REALTEK SEMICONDUCTOR CORPORATION, TAIWAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:WU, TZUNG-JUEI;REEL/FRAME:038373/0275

Effective date: 20160401

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4